Caesars Entertainment Suffers Data Breach and Pays Ransom to Hackers
Caesars Entertainment, which calls itself the largest casino network in the United States with the industry’s most extensive loyalty program, has reported falling victim to a cyberattack. The company ultimately paid a ransom to hackers to prevent the leak of customer data. Researchers believe the group behind the attack may be Scattered Spider, which recently targeted MGM Resorts.
Details of the Cyberattack
According to documents filed by Caesars Entertainment with the U.S. Securities and Exchange Commission this week, the attack was discovered on September 7, 2023. The investigation revealed that the attackers successfully stole the company’s loyalty program database, which included, among other things, customers’ driver’s license information and Social Security numbers.
The company emphasized that the attack did not affect its operations or customer services, and everything continues to function as normal. The incident was described as a “social engineering attack on an outsourced IT support provider.”
“To date, we have no evidence that unauthorized parties obtained any customer passwords or PINs, bank account information, or payment card details,” company representatives wrote, noting that the investigation is still ongoing.
Ransom Payment and Ongoing Risks
The documents also mention that the company paid a ransom to the attackers to prevent the stolen data from being leaked. According to the Wall Street Journal, Caesars Entertainment paid hackers approximately $15 million, although the initial demand was double that—$30 million.
Caesars Entertainment admits it cannot provide any guarantees regarding the hackers’ future actions and does not rule out the possibility that the stolen customer information could still be sold or published online.
“We have taken steps to ensure the stolen data is deleted by the unauthorized party, but we cannot guarantee the outcome. We are monitoring the situation online and have not yet found any signs that the data is being further distributed, published, or misused,” the documents state.
Suspected Group Behind the Attack
While Caesars Entertainment’s report does not link the attack to any specific hacker group, Bloomberg journalists believe Scattered Spider may be responsible. This group is also known as 0ktapus (Group-IB), UNC3944 (Mandiant), and Scatter Swine (Okta).
Researchers say Scattered Spider primarily uses social engineering to breach corporate networks. Their tactics include impersonating technical support staff to trick users into revealing credentials, SIM swapping attacks to gain control of phone numbers, phishing, and other methods to bypass multi-factor authentication.
The core members of Scattered Spider are believed to be English-speaking teenagers aged 16 to 22, and the group is often compared to Lapsus$, whose members used similar attack methods and were of a similar age.
Connection to MGM Resorts Attack
The same group is also linked to the recent attack on MGM Resorts, which owns hotel, resort, and casino chains worldwide. The attack on MGM Resorts occurred the previous weekend and resulted in the shutdown of many of the company’s computer systems, including the websites of major hotels in Las Vegas and New York, reservation systems, and some casino services.